VARIoT IoT vulnerabilities database

iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. apple's iChat Server Exists in unspecified vulnerabilities.None. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering

ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration

Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. Cisco Systems Cisco Pix Firewall There are unspecified vulnerabilities in the software.None. PFM itself implements a Web Server with limited functions. PFM Web Server runs on Windows NT. There is a security hole in the URL request processing of PFM Web Server. A remote attacker may use this hole to read any file with a known file name on the system. The attacker must be able to establish a connection to the 8080/TCP port of the Windows NT host. In all recommended configurations and most actual configurations, the 8080/TCP port of the host where the PFM is located is only allowed to be accessed from the inside of the PIX firewall, not from the PIX Access from outside the firewall. Additionally, the attacker must know the exact path of the target file, and the vulnerability does not allow directory browsing

Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service. Cisco Systems Cisco IOS and Cisco Pix Firewall There are unspecified vulnerabilities in the software.None

Both the Cisco PIX Firewall software as the Context-based Access Control (CBAC) feature of Cisco's IOS Firewall Feature Set do not properly check non-initial fragmented IP packets. Although the non-initial fragmented IP packets might belong to session which would normally be blocked, they are forwarded to the destination host. This may lead to a denial of services (DOS) attack due to the exhaustion of resources required to keep track of the fragmented IP packets. The problem can be fixed by keeping track of the sessions that fragmented IP packets belong to and by blocking non-initial fragmented IP packets for which no initial packet has been seen. The DOS attack can easily be carried out by publically available tools.

Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. Cisco Systems Cisco IOS Exists in unspecified vulnerabilities.None

Cisco IOS software is reported prone to a remote denial of service vulnerability. This may allow an attacker to cause a vulnerable device to crash or hang. It is reported that this issue may cause damage to an internal data structure, which could lead to other problems as well. An attacker does not require authentication credentials to exploit this issue, as only access to the login prompt of a device is sufficient to trigger this issue.

By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. A somewhat common configuration of Cisco PIX firewalls may permit a window of opportunity in which an intruder can bypass the firewall. This problem was first publicly described in July, 1998. Cisco Systems Cisco PIX Firewall Software Exists in unspecified vulnerabilities.None. PIX Firewall is prone to a remote security vulnerability

Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. Version 1.0 fails to eliminate characters with special meaning to the shell prior to executing a command. As a result, an attacker can utilize certain characters to execute arbitrary commands on a system remotely, as whatever user invoked the cgi-bin

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. Firewall-1 is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks